A goal of securing a network is to be able to collect information on how the network behaves and to learn qualitative and quantitative characteristics of network traffic flowing through the network. Also, if threats such as malware are detected by malware tools and intrusion prevention systems, it is useful to be informed about such threats at a central location. However, in a distributed network environment, there are many network security devices through which network traffic flows. Each security device generates up to thousands of network accesses and related events per second. Users of the network may be in branches, distributed offices and use cloud services. All of these factors make collecting and analyzing information related to the network traffic difficult.